Anonym Potato
-
Posts
21 -
Joined
-
Last visited
-
Days Won
1
Anonym Potato's Achievements
Newbie (1/14)
3
Reputation
-
security Masterpassword stored locally
Anonym Potato replied to Anonym Potato's topic in Data Security
I just tried... when I restart the device, 1Password asks to reenter the master password. Whats the difference? -
security Masterpassword stored locally
Anonym Potato replied to Anonym Potato's topic in Data Security
Retaining the master password in memory, like on desktops??? My whole problem is, that the password is stored permanent on the Flash memory. If you turn off your phone, the master password can still be recovered. All the other password managers do it like this. Why does Enpass thinks, the user is unable to enter the master password on device restart? I would even say, that this makes it much more probable to forget your password, if you never have to retype it. -
security Masterpassword stored locally
Anonym Potato replied to Anonym Potato's topic in Data Security
Articles like this: https://resources.infosecinstitute.com/ios-application-security-part-12-dumping-keychain-data/#gref describe how to extract this data. The fact that you refuse an security audit for ios and that master keys are physically stored, make me really nervous. -
security Masterpassword stored locally
Anonym Potato replied to Anonym Potato's topic in Data Security
The Security Whitepaper says: „Enpass stores an obfuscated version of your master password in iOS Keychain that can only be accessed by Enpass“ I don‘t understand why the masterkey needs to be stored on the flash memory. Even if this protects the key against other apps. It don‘t protects the key from being physically retrieved. I don‘t get why this risk is even necessary. Why can we not get the same security like 1Password users, by simply entering the key on every startup. -
How can I uninstall Enpass on my Linux (Ubuntu 19.04) machine?
-
Don't store password of secondary vault.
Anonym Potato replied to Anonym Potato's topic in Data Security
I just moved to MiniKeePass. This app is a bit outdated, but because of a working security model still a much more secure alternative. It is really sad, but Enpass give no f** about security. Still no security audit for iOS, master keys stored on the flash memory, secondary keys stored in primary database. -
Why don't you open source your code? Open source don't mean free, and I don't think that a lot of people would build the software from the source code. Nobody is wasting so much time, to save 12€. Enpass is cheap as hell, and no one, would pirate it.
-
Do you know, if there is any good Keepass Port for iOS? I like, MiniKeePass, but the project seems to be dead.
-
Hello, I am relatively new to Enpass, I noticed, that after reboot, I can use the PIN to access my fault. How can this be secure? This means that the Masterpassword is stored locally on the flash memory. This and the fact, that there have never been an security audit for iOS really worries me. Can someone explain to me, how this might possibly secure? I have a feeling, that the reason, why there is no security audit is, that they know, that there is no way there application passes the audit.
- 18 replies
-
- 1
-
-
- ios
- masterpassword
- (and 2 more)
-
When does there comes an security audit for iOS?
-
Just found the solution by myself: below the "Share" button there is a "..." When you tap it, you get the Option "Add to Vault" > "Move"
-
I am using Enpass for one day and I still having an hard time figuring out, how to do basic stuff. How can I move Objects from one fault to another?
-
I just understood, that the problem was, that on the webdav was another db file. Problem solved.
-
Hello, I just managed to enable webdav, but it still won't sync. I entered the right url username and password. I get an message: "Sync Error Password of data on WebDAV is required" When I tap on Resolve, I can enter the webdav password again. Afterwards it gives me an weird message: "Please note that after the sync, the password of data on WebDAV will be changed to password of "Tresor-Name" vault." What does this mean? What can I do? I am using an iPhone XR on the latest iOS version.
-
Don't store password of secondary vault.
Anonym Potato replied to Anonym Potato's topic in Data Security
Ok. I just bought the App vor MacOS and iOS. I hope Sinew will fix this soon. Until then, I will have to continue paying for 1Password. Why not add an feature like this as en add-on? I am sure there are a lot of people filling to pay 5€ to get more security. It is really sad, because this might be such an ideal way to get away from this multiple password manager work around.